March 13, 2008
BehindTheMedspeak: Heartbeat-b-Gone? The rise of defibrillator hackers
Keith J. Winstein's article may have been relegated to the last page of yesterday's Wall Street Journal Section D but it's at the top of my hit parade of interesting things I've recently read.
His long story short: "Hackers could transmit the same radio signals [as doctors] — without needing a programmer...."
Barnaby J. Feder in yesterday's New York Times wrote, "... a team of computer security researchers plans to report Wednesday that it had been able to gain wireless access to a combination heart defibrillator and pacemaker.
"They were able to reprogram it to shut down and to deliver jolts of electricity that would potentially be fatal...."
"The researchers said they had also been able to glean personal patient data by eavesdropping on signals from the tiny wireless radio that Medtronic, the device’s maker, had embedded in the implant as a way to let doctors monitor and adjust it without surgery.
"... device makers have begun designing them [pacemakers and defibrillators] to connect to the Internet, which allows doctors to monitor patients from remote locations."
Nice new twist for murder mystery writers, what?
Here's the Wall Street Journal story.
- Heart-Device Hacking Risks Seen
Medical devices that control the human heart may need safeguards to protect against remote-control hacking that could deliver electrical shocks to patients, researchers said.
Millions of Americans have a pacemaker, which keeps hearts beating regularly, or an implanted defibrillator, which can restart stopped hearts with an electric jolt. After implanting a defibrillator under a patient's skin, a doctor uses a special device, about the size of a breadbox, to tell the defibrillator what to do -- for example, to instruct it to keep the heart beating at a certain rate or deliver a test jolt.
The devices, called programmers, communicate with a defibrillator using radio waves. To prevent tampering, only physicians are allowed to buy one from the manufacturers — Medtronic Inc., Boston Scientific Corp., and St. Jude Medical Inc.
But hackers could transmit the same radio signals — causing a defibrillator to shock or shut down, or divulge a patient's medical information — without needing a programmer, researchers found in a laboratory test of one model from Medtronic.
The study, to be presented at a California computer-security conference in May, suggests manufacturers should consider how to stop unauthorized people from tampering with implanted medical devices that receive instructions via radio waves, a growing category that also includes spinal-cord stimulators and drug-delivery pumps.
"This report demonstrates that you can obtain private information without authorization. You can reprogram the device without authorization," said William Maisel, a Harvard Medical School cardiologist and a co-author. But he cautioned that "our report is a theoretical risk, not an actual risk" and said there was no reason for anybody to consider deferring an implantation or removing a defibrillator.
There are no known cases of malicious tampering with somebody else's defibrillator, Dr. Maisel said. The authors withheld certain details of their experiment to prevent malicious people from repeating the procedure.
The study is the latest in a series that have found flaws in the security of wireless-communication systems — from remote-control car keys, to Bluetooth telephone headsets, to the Wi-Fi technology used to connect to the Internet, to radio-frequency credit cards that can be "tapped" to make payments. But the prospect of remotely controlling somebody else's heart via radio waves rises to a different level, some said.
"I find it absolutely terrifying, the idea of having computer-controlled devices implanted in us," said Aviel Rubin, a professor of computer science at Johns Hopkins University who wasn't involved in the research. "If you can imagine what you might do in a very busy area, sending out a signal that would cause all of the people in the local area's implanted devices to start operating incorrectly, it's a really scary future we're headed towards."
Dr. Maisel and his collaborators — Kevin Fu of the University of Massachusetts, and Tadayoshi Kohno of the University of Washington, both computer-science professors — emphasized that the findings are as yet limited to one model of defibrillator made by Medtronic. They informed the Food and Drug Administration last month, they said.
In a statement, the agency said it had already been working on standards to raise the security of medical devices that receive instructions over radio waves but hadn't finalized them yet. "The chance of an ICD being reprogrammed by a computer hacker is extremely remote," said a spokeswoman, using the abbreviation for implanted defibrillator.
Medtronic acknowledged the report's findings but said the risk to patients was low. The company said it was gradually increasing the sophistication of devices to prevent unauthorized people from tampering with defibrillators, but said it was necessary to balance security with other factors. For example, if each defibrillator had its own password to prevent unauthorized access, a doctor might not be able to control it in an emergency situation, the company said.
Boston Scientific said it used encryption in its defibrillators, and doubted its devices could be hacked.
That last sentence is the funniest thing I've read since "What, me worry?"
Just wait.
Throwdowns like that are never a good idea.
Boston Scientific's gonna learn that when it comes to computers, it's much better to lose the hubris and just shut up.
Wait a minute... what's this?
Oh, only Jacob Goldstein's Wall Street Journal Health Blog post entitled "How to Hack a Defibrillator."
It follows.
- How to Hack a Defibrillator
Like laptops, pacemakers and similar medical devices can communicate over short distances via radio waves — a good thing, for the most part, as it allows health care providers to monitor and even tweak the gizmos as needed without cutting into the patient.
But the wireless communication also opens up the possibility that an evil genius could hack into the life-saving devices to alter their function or take the patient’s medical data.
To make this point, a doc teamed up with some computer scientists and engineers to hack into a Medtronic Maximo, an ICD (implantable cardiodefibrillator) that hit the U.S. market in 2003. In language that would make a dark-side geek swoon, they write: “After partially reverse-engineering the ICD’s communications protocol with an oscilloscope and a software radio, we implemented several software radio-based attacks that could compromise patient safety and patient privacy.”
Of course, their stated purpose is not to give the dark side more evil ideas, but to strengthen the forces of good. To this end, they propose several methods for improving the security of these sorts of devices. Their strategies include requiring better authentication from an external device; alerting the patient if someone is hacking the ICD; and encrypting data transmitted by the device.
Medtronic said it was aware of the findings, and added that hackers don’t pose a high risk to patients, the WSJ reports. The company said it is improving security of the devices, but that security has to be balanced with the need for doctors to quickly and reliably communicate with the devices during patient emergencies.
Here's Feder's story from yesterday's New York Times.
- A Heart Device Is Found Vulnerable to Hacker Attacks
To the long list of objects vulnerable to attack by computer hackers, add the human heart.
The threat seems largely theoretical. But a team of computer security researchers plans to report Wednesday that it had been able to gain wireless access to a combination heart defibrillator and pacemaker.
They were able to reprogram it to shut down and to deliver jolts of electricity that would potentially be fatal — if the device had been in a person. In this case, the researchers were hacking into a device in a laboratory.
The researchers said they had also been able to glean personal patient data by eavesdropping on signals from the tiny wireless radio that Medtronic, the device’s maker, had embedded in the implant as a way to let doctors monitor and adjust it without surgery.
The report, to be published at www.secure-medicine.org, makes clear that the hundreds of thousands of people in this country with implanted defibrillators or pacemakers to regulate their damaged hearts — they include Vice President Dick Cheney — have no need yet to fear hackers. The experiment required more than $30,000 worth of lab equipment and a sustained effort by a team of specialists from the University of Washington and the University of Massachusetts to interpret the data gathered from the implant’s signals. And the device the researchers tested, a combination defibrillator and pacemaker called the Maximo, was placed within two inches of the test gear.
Defibrillators shock hearts that are beating chaotically and dangerously back into normal rhythms. Pacemakers use gentle stimulation to slow or speed up the heart. Federal regulators said no security breaches of such medical implants had ever been reported to them.
The researchers said they chose Medtronic’s Maximo because they considered the device typical of many implants with wireless communications features. Radios have been used in implants for decades to enable doctors to test them during office visits. But device makers have begun designing them to connect to the Internet, which allows doctors to monitor patients from remote locations.
The researchers said the test results suggested that too little attention was being paid to security in the growing number of medical implants being equipped with communications capabilities.
“The risks to patients now are very low, but I worry that they could increase in the future,” said Tadayoshi Kohno, a lead researcher on the project at the University of Washington, who has studied vulnerability to hacking of networked computers and voting machines.
The paper summarizing the research is called “Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses.” The last part refers to defensive possibilities the researchers outlined that they say would enhance security without draining an implant’s battery. They include methods for warning a patient of tampering or requiring that an incoming signal be authenticated, using energy harvested from the incoming signals.
But Mr. Kohno and Kevin Fu, who led the University of Massachusetts arm of the project, said they had not tried to test the defenses in an actual implant or to learn if anyone trying to use them might run afoul of existing patent claims.
Another participant in the project, Dr. William H. Maisel, a cardiologist who is director of the Medical Device Safety Institute at the Beth Israel Deaconess Medical Center in Boston, said that the results had been shared last month with the F.D.A., but not with Medtronic.
“We feel this is an industry-wide issue best handled by the F.D.A.,” Dr. Maisel said.
The F.D.A. had already begun stepping up scrutiny of radio devices in implants. But the agency’s focus has been primarily on whether unintentional interference from other equipment might compromise the safety or reliability of the radio-equipped medical implants. In a document published in January, the agency included security in a list of concerns about wireless technology that device makers needed to address.
Medtronic, the industry leader in cardiac regulating implants, said Tuesday that it welcomed the chance to look at security issues with doctors, regulators and researchers, adding that it had never encountered illegal or unauthorized hacking of its devices that have telemetry, or wireless control, capabilities.
“To our knowledge there has not been a single reported incident of such an event in more than 30 years of device telemetry use, which includes millions of implants worldwide,” a Medtronic spokesman, Robert Clark, said. Mr. Clark added that newer implants with longer transmission ranges than Maximo also had enhanced security.
Boston Scientific, whose Guidant division ranks second behind Medtronic, said its implants “incorporate encryption and security technologies designed to mitigate these risks.”
St. Jude Medical, the third major defibrillator company, said it used “proprietary techniques” to protect the security of its implants and had not heard of any unauthorized or illegal manipulation of them.
Dr. Maisel urged that patients not be alarmed by the discussion of security flaws. “Patients who have the devices are far better off having these devices than not having them,” he said. “If I needed a defibrillator, I’d ask for one with wireless technology.”
"To our knowledge..." — aye, there's the rub.
You can read the complete report, entitled "Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses" and published online yesterday, right here.
Here's a bone for medical malpractice defense attorneys: invoke a rogue programmer as the cause of a drug-delivery pump malfunction that resulted in a fatal narcotic overdose.
Even if it opens just the faintest window of doubt in a jury's mind, it could be enough to lead to a "not guilty" verdict.
March 13, 2008 at 12:01 PM
Comments
...and what about tampering of radio communications, such as jamming the radio transmissions? Same horrible results as hacking into the ICD is the inability of the Programmer to "tell" the ICD what to do in emergency cases.
Posted by: Eli Sheffer | Mar 17, 2008 6:08:35 AM
This leaves me almost speechless, I read the journal article too. On top of that, there are all the other pieces that were written on the subject. Free advertising to all those malefactors out there who didn't have a clue before.
Posted by: Milena | Mar 13, 2008 6:28:55 PM
